Many types of interactions on computer systems, such as authenticated log-ins and other transaction-based processes, are insecure. For example, when attempting to log in to a website on a computer, the website may request a username and password. Anyone with that set of information—be it an authorized user or a nefarious one—may use the website for any purpose. To combat this insecurity, some transactions require multi-factor authentication—often referred to as “what you know and what you have.” For example, when logging into a website, the website may request a username/password combination (“what you know”) along with a six-digit number displayed on an electronic device (“what you have”). The six-digit number may change every 30 seconds so as to avoid reuse by an unauthorized user. As another example, a credit card may have information stored on it that can enable a credit card processor to know whether the card is physically present in the user's hands. For example, while the card may have a card number printed on the obverse (“what you know”) some information may only be present as part of an EMV chip (“what you have”). Certain devices may read information from the EMV chip for contactless authentication of the user. Some devices allow multi-factor authentication using a “what you know” factor and a “what you are,” e.g., a biometric such as face recognition, fingerprint verification, and/or iris scan. However, this procedure also lacks the ideal level of security in that a nefarious user may be able to copy the information stored on the card, and verification information on the card may be static. Thus, a nefarious user may copy and repeatedly use the verification information.
Due to these and other drawbacks associated with user authentication, a user may choose not to use his transaction card as a means of authentication with a mobile device. Therefore, a need exists for technology allowing for, among other things, a secure and efficient authentication of a user of a transaction card.